CVE-2026-0897: Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component

January 15, 2026

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

References

github.com/advisories/GHSA-xfhx-r7ww-5995
github.com/keras-team/keras
github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6
github.com/keras-team/keras/pull/21880
nvd.nist.gov/vuln/detail/CVE-2026-0897

Code Behaviors & Features

Detect and mitigate CVE-2026-0897 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →